We recently encountered an error when using Get-ADDomainController for a domain which had a partially decommissioned domain controller (partial demotion). When running Get-ADDomainController with the * filter, it would return “Directory Object not found” and provide no other details.
Using the script below, we were able to loop through polling Active Directory for each domain controller in that domain until it failed on the faulty DC providing our first clue to the offending server.

Using this script as a PowerShell Logon Script (via GPO / GPEDIT), you can force a logoff at after a specified timeframe and give a warning to the user X minutes beforehand. You’ll want to force hide the script window using ‘-windowstyle hidden’, otherwise they could just kill it and never get logged off.

1234567891011121314151617

# Logon Script that will auto-logoff a user after a specified amount of time has passed,# and will give a warning of the impending logoff at a specified amount of time beforehand.# The Warning Message has 10 second timeout so that the user can't postpone the logoff forever.$maxTime=8# hours$warnTime=5# minutes$msgTimeout=10# seconds$WarningMSG="NOTICE! You will be logged off automatically in $warnTime minutes. Please save your files."# ========================================================================================================# Calculate Time To Sleep$sleepyTime=$maxTime*60*60$warningTime=$warnTime*60Sleep-Seconds($sleepyTime-$warningTime)$wshell=New-Object-ComObject Wscript.Shell$wshell.Popup($WarningMSG,$msgTimeout,"Automatic Logoff Incoming...",0x0)Sleep-Seconds$warningTime# ADD LOGOFF CODE BELOW!
Logoff

Loops at a specified interval and monitors emails for titles which RegEx match [identifier] [url] (e.g. mycoolID http://mirror.math.princeton.edu//ubuntu-17.10.1-desktop-amd64.iso) and downloads the files using BITS to a specified storage location. Uses background jobs so there’s no blocking.

Usage: Configure the settings in the script and run it. Then send an email to the email account configure for RSS monitoring. The email subject / tile should contain your unique identifier (whatever random string you choose (configured in the RegEx variable)), a space, and the URL you wish to have downloaded by the script.

If Windows Defender is enabled on your computer, the script will initiate a scan of the files upon download completion.

It is recommended to setup a separate account to do this with since you have to allow “less secure apps” access in your Gmail Security settings.

# Monitor Gmail and Download Files Based On Title Contents using RegEx# Uses the BITS client to download# If Enabled, Files are scanned with Windows Defender upon download completion# OPTIONS# Folder where files will be dropped, no trailing slash \$FileDrop="Z:\FileDrop"# RegEx for Title Matching. Should be [Unique Identifier] [URL] E.G.: 'MYuniqID https://download.com/this/file/here.exe'# The filename to save in the FileDrop is pulled from the last / of the URL, would be "here.exe" from the example above.$titleRegEx='^myCoolID\s(http[s]{0,1}://.*)'# Frequency to check email in minutes$freq=1# Gmail Account Info (must allow insecure apps in your security settings)$user="username@gmail.com"$pwd="password1234!"# Scan downloaded files with Windows Defender upon completion?$scanFiles=$true#==============================================================================

$computers=@("server1","server2")# or use get-content to pull in list from file, or Get-ADComputer to pull in list from AD
Invoke-Command $computers{ Get-Volume |Where{($_.DriveType -eq"Fixed")-and($_.DriveLetter -eq"X")}}